Help with Virus "Generic PWS.y" (Trojan) and "Generic.dx" ..

External Since: Jun 18, 2006 Posts: 41

On Sat, 20 Sep 2008 19:07:42 -0400, Jim <nospam.TakeThisOut@nospam.com> wrote:

*********my replies are inline***************

> I was wrong about the scanning time of SAS, it is longer than I
> thought, took almost as long as Spybot, as today I did a complete
> scan and it took over 50 minutes with an 80 GB and a 60 GB drive
> in my laptop.

Do you have the latest and greatest version of spybot installed? It is
supposed to be faster than previous versions. Anyway, 140 gb/1 hour is a
little over 2 gb a minute, which seems reasonable to me, but I have no
idea how much data was actually scanned and what, if any, other programs
were running at the time. I know that spybot has some tweaks you could
apply to shorten scan times but I don't know if SAS has any settings that
can be changed.

>
> On Sat, 20 Sep 2008 09:32:30 -0500, Jim <nospam.TakeThisOut@nospam.com> wrote:
>
>> Max;
>>
>> The SAS program found 19 tracking cookies that had been missed by both
>> McAfee and Spybot. I had already taken your advice and stopped
>> the system restore which got rid of the other Trojan.
>>
>> Also, another benefit, the Super Anti Spyware is at least 10 times
>> faster than Spybot and McAfee. With Spybot, a full scan takes well
>> over an hour, probably two. SAS is really very fast and a full scan
>> might take 20 minutes or less, and I have two large drives on this
>> laptop.
>>
>> Thanks again for your assistance.
>>
>> I guess if a programmer knew machine language, he could
>> go into the GENERIC.PWS Trojan, disassemble it, and find out just who
>> and
>> where it was reporting to, is that right, as it must report to some
>> site or IP address? McAfee rates this trojan threat low.

I think that they try to do some type of investigating but I'm sure those
IP addys are changed all the time.

>> I think my card problem came from the company I placed the
>> order with, but the owner denied vehemently it could have come
>> from him, as he said he trusted his employees implicitly, and
>> was very upset I even suggested it. However, I wonder if his
>> webmaster or his computer network is really safe? The time involved
>> from the time I placed the order until the credit card company
>> notified me was only a few hours They had to move fast whatever
>> they did. I think from now on will just call the company and give
>> order verbally, but it is very convenient to be able to place an order
>> at 2 am....
>>
>> Jim

Yes it is but at what cost? You found out the hard way. You need to figure
out how you got infected in the first place. The company is probally
right, as you are the one that had the infestation. Do you practice
"safe-hex"? Maybe you need a bigger rubber! It's like the wild,wild,'net
out here, lots of bandits and not many sherrifs.

>> On Fri, 19 Sep 2008 09:04:19 -0400, "What's in a Name?"
>> <maxwachtel.TakeThisOut@nomail.afraid.org> wrote:
>>
>>> On Fri, 19 Sep 2008 08:43:09 -0400, Jim <nospam.TakeThisOut@nospam.com> wrote:
>>>
>>>> Thanks for the help. Should I remove SPYBOT before installing
>>>> the two programs you recommend, I have already downloaded them
>>>> but did not install them yet.
>>>>
>>>> Jim
>>>
>>> If you mean Spybot Search+Destroy, you should leave it installed.
>>> Post back with results.
>>> max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is setup for use in USENET by everyone

External Since: Feb 16, 2008 Posts: 24

Duh, you didn't read that I said McAfee said it had taken care of
the problem. I believed it.

On Sat, 20 Sep 2008 22:32:23 -0400, "Galen" <galennews.DeleteThis@gmail.com>
wrote:

>My reply is at the bottom of your sent message.
>
>In news:0446d4dsi0dvto0i3incle9b63fngtdv27@4ax.com,
>Jim <nospam.DeleteThis@nospam.com> typed:
>
>
>> I am using McAfee 2008 and it has been catching this virus or trojan
>> every time it scans the computer recently. It always says it repaired
>> the virus by removing it. However, it appears to keep coming back,
>> making me think that it's parked somewhere else on the laptop and is
>> regenerating itself somehow.
>
><snip>
>
>> The reason I am concerned is that today I got a call from my credit
>> card security center saying my card had been compromised shortly after
>> I placed an order online at a place called Texas Towers in PLano, TX.
>
><snip>
>
>> Thanks for any suggestions.
>
>I'll type carefully because I don't want to come off sounding like a jerk.
>But...
>
>You had reason to suspect you were infected. You used the computer to
>transmit your credit card and who knows how much other personal information.
>Don't do that. Security is NOT a product. It is an awareness, if you'd like.
>It is a state of mind. It is a compromise between what you need to do and
>what risks you'll accept.
>
>Cancel your card immediately and order one of the credit watch services to
>ensure that these people don't now go out and get new accounts in your name.
>
>Anti-malware products are generally only good at preventing infection and
>then they're only good at preventing what they have signatures for. This is
>the time when you get ready to completely format your PC and do a new
>installation following the Good Hex principles.
>
>I hope that I didn't sound like a jerk or too harsh. Hopefully this is a
>small price to pay to learn this lesson and hopefully it doesn't result in a
>completely stolen identity or the likes.